New security update fixes macOS root bug

Enlarge (credit: Samuel Axon)
Yesterday we learned that Apple had made a serious security error in macOS—a bug that, under certain conditions, allowed anyone to log in as a system administrator on a Mac running High Sierra by simply typing in “root” as the username and leaving the password field blank.

Apple says that vulnerability has now been fixed with a security update that became available for download this morning on the Mac App Store.

Further, the update will automatically be applied to Macs running High Sierra 10.13.1 later today.
Apple’s brief notes for this security update (Security Update 2017-001) explain the bug by saying, “A logic error existed in the validation of credentials,” and claims the problem has been addressed “with improved credential validation.”

CATEGORIES

Cyber Parse was created to provide knowledge to help everyone understand and deal with the ever increasing threats we all face by Cyber Crime (Malware, Social Engineering, Phishing and hacking).
Our purpose is to provide the right information to our readers by breaking down and communicating knowledge relating to Cyber Crime, Cyber Security, Information Security and Computer Security, then using Risk Management practices to help translate the technical aspects of the Risks, Threats, Vulnerabilities and controls to reduce the risk into business language.